If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Listening for hackers (NC day 3)

Net Cat (day3)

In this installment I’m going show you how to use NC as a key-logger against a would be intruder. An IDS or a honeypot if you will. The purpose in this is to help you to understand whats going on when you see those ZA alerts. Maybe even learn something about how hackers hack.

For this you’ll need:

A computer running windows (there’s enough *nix nc tuts)

NetCat

Netcat does come with the option to dump input data from the port its monitoring into a file in hex format:

nc –L –p37337 –0logfile.txt

This is alright except that everytime a new conection is made the file is overwritten.

If we instead re-direct the input to a file using “>>”:

Nc –L –p37337 >>logfile.txt

We’ll get the results of every command entered from all sessions seperated by an ascii 'box'.

We’ll begin by writing a batch file useing the most popular ports and put it in the start-up directory. (nc is already in the path of course)

It doesn’t matter if you don’t have these service, you don’t need them to listen on the ports.

Here we’re telling nc to keep listening for more connections after each session ends ( "-L" ). What port to listen on ( “-p” ) and detach itself from the te console so it doesn’t require all the prompts open to do its work ( "-d" ).

You can include all the ports you want or take them out for that matter. Netcat does not use allot of system resources.

After the bat file is run nc will wait for a connection on each port its told. To see whats been happening on each port just open its related text file.

Heres another bat file you can put in quick-launch to make reading the logs easier: